Error changing password from any user
Brought to you by:
cinergi
Menu
▾
▴
Hello after having upgraded my ubuntu server, I can't change passwords of users in the database.
Before the upgrade the system worked very well.
passwd user
passwd: Failed preliminary check by password service
The second mysql query is the following :
SELECT 0, FROM `user` WHERE user.user_name = 'login of the user'
Thanks
According to
https://lists.sdsc.edu/pipermail/npaci-rocks-discussion/2002-September/000445.html
This is a result of a 'weak' password. If you try some really crazy password (8+ characters, alphanumeric, upper and lower case, a digit and a special character), does this still happen?
Hello,
How can I change the password of an user to test this security feature considering that the command passwd doesn't work.
Looking forward to hearing from you.
You're getting the error before even being given a chance to enter the password? If that's the case, then I'm guessing there's something different/wrong with the PAM configuration caused by the upgrade. Are you able to see what's changed for the 'passwd' PAM configuration?
Yes I do. If I try to change the password of an user being root I get this error passwd: Failed preliminary check by password service
And I have the following error passwd: Permission denied, if an user tries to change his own password.
What do you mean with the passwd PAM configuration ?
In the file /etc/pam.d/passwd there is :
@include common-password
In the file /etc/pam.d/common-password there is :
password sufficient pam_unix.so nullok obscure min=4 max=8 md5
password required pam_mysql.so nullok ignore_root user=db_user passwd=db_user_password db=dbUsers table=`user` usercolumn=user.user_name crypt=1 md5 try_first_pass passwordcolumn=user.password
I don't really know what has changed since the upgrade.
Thanks
That pam_mysql module in common-password worries me. Is there an older copy of the file (e.g. common-password.bak) or a copy you can pull from another machine that doesn't have this entry? I'm not familiar with ubuntu -- is there a configuration utility you can run that sets up the system's authentication? (e.g. lets you choose ldap, nis, text files, etc) If so, I'd run that, set it to files only, and then add in the mysql entries to /etc/nsswitch.conf by hand.
I looked for an older copy of this file but I found nothing.
I also tried to run dpkg-reconfigure passwd, the setup program asks me if I want to enable shadow passwords or not then it falls in error because it doesn't look in the database to find groups so it asks to me to add the missing groups to the file /etc/group and rerun the setup.
Another idea ?
Can you try removing the line starting with
password required pam_mysql.so [...]
from your password-common PAM config file? That'll hopefully at least help steer us in the right direction.
Do you have another server you can test with that has a default /etc/passwd so that "dpkg-reconfigure passwd" will run without complaining? I could download and install the distro myself but that'll take me some time to do ...